Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-40980

Summary
Assigner-trendmicro
Assigner Org ID-7f7bd7df-cffe-4fdb-ab6d-859363b89272
Published At-19 Sep, 2022 | 18:01
Updated At-03 Aug, 2024 | 12:28
Rejected At-
Credits

A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:trendmicro
Assigner Org ID:7f7bd7df-cffe-4fdb-ab6d-859363b89272
Published At:19 Sep, 2022 | 18:01
Updated At:03 Aug, 2024 | 12:28
Rejected At:
▼CVE Numbering Authority (CNA)

A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2.

Affected Products
Vendor
Trend Micro IncorporatedTrend Micro
Product
Trend Micro Mobile Security for Enterprise
Versions
Affected
  • 9.8 SP5
Problem Types
TypeCWE IDDescription
textN/AUnauthenticated File Deletion
Type: text
CWE ID: N/A
Description: Unauthenticated File Deletion
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://files.trendmicro.com/documentation/readme/tmms_sp5_cp2/tmms-ee_9.8_sp5_patch2_readme_server.txt
x_refsource_MISC
Hyperlink: https://files.trendmicro.com/documentation/readme/tmms_sp5_cp2/tmms-ee_9.8_sp5_patch2_readme_server.txt
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://files.trendmicro.com/documentation/readme/tmms_sp5_cp2/tmms-ee_9.8_sp5_patch2_readme_server.txt
x_refsource_MISC
x_transferred
Hyperlink: https://files.trendmicro.com/documentation/readme/tmms_sp5_cp2/tmms-ee_9.8_sp5_patch2_readme_server.txt
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@trendmicro.com
Published At:19 Sep, 2022 | 18:15
Updated At:21 Sep, 2022 | 18:15

A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CPE Matches
Trend Micro Incorporated
trendmicro
>>mobile_security>>9.8
cpe:2.3:a:trendmicro:mobile_security:9.8:sp5:*:*:enterprise:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://files.trendmicro.com/documentation/readme/tmms_sp5_cp2/tmms-ee_9.8_sp5_patch2_readme_server.txtsecurity@trendmicro.com
Release Notes
Vendor Advisory
Hyperlink: https://files.trendmicro.com/documentation/readme/tmms_sp5_cp2/tmms-ee_9.8_sp5_patch2_readme_server.txt
Source: security@trendmicro.com
Resource:
Release Notes
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2023-32521
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-9.1||CRITICAL
EPSS-71.11% / 98.65%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 21:52
Updated-05 Dec, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-mobile_securityTrend Micro Moibile Security for Enterprise
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-0587
Matching Score-8
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-8
Assigner-Trend Micro, Inc.
CVSS Score-9.1||CRITICAL
EPSS-26.56% / 96.14%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 00:00
Updated-27 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-apex_oneTrend Micro Apex One
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
Details not found